{"host": "krb2002.codfw.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 3184, "only_in_self": ["Ferm::Service[kerberos_kpropd_tcp]", "File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]", "Firewall::Service[kerberos_kpropd_tcp]", "Nftables::Service[kerberos_kpropd_tcp]"], "only_in_other": ["Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]", "Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "File[/var/log/wmf_auto_restart_krb5-admin-server]", "File_line[auto_restart_file_presence_krb5-admin-server]", "Logrotate::Conf[wmf_auto_restart_krb5-admin-server]", "Profile::Auto_restarts::Service[krb5-admin-server]", "Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]", "Service[krb5-admin-server]", "Service[wmf_auto_restart_krb5-admin-server.timer]", "Systemd::Service[wmf_auto_restart_krb5-admin-server]", "Systemd::Syslog[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer[wmf_auto_restart_krb5-admin-server]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]"], "resource_diffs": [{"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Profile::Auto_restarts::Service[rsync]", "parameters": "--- Profile::Auto_restarts::Service[rsync].orig\n+++ Profile::Auto_restarts::Service[rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "content": "--- /etc/rsyncd.conf-srv-keytabs.orig\n+++ /etc/rsyncd.conf-srv-keytabs\n@@ -0,0 +1,20 @@\n+# This file is being maintained by Puppet.\n+# DO NOT EDIT\n+\n+[ srv-keytabs ]\n+path            = /srv/kerberos/keytabs\n+read only       = yes\n+write only      = no\n+list            = yes\n+uid             = 0\n+gid             = 0\n+use chroot      = yes\n+\n+\n+max connections = 0\n+\n+\n+secrets file = /srv/kerberos/rsync_secrets_file\n+auth users = kerb\n+hosts allow = puppetserver1001.eqiad.wmnet localhost\n+", "parameters": "--- Concat_fragment[/etc/rsyncd.conf-srv-keytabs].orig\n+++ Concat_fragment[/etc/rsyncd.conf-srv-keytabs]\n\n+    target => /etc/rsyncd.conf\n+    order  => 10\n+    tag    => _etc_rsyncd.conf\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/var/log/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "File[/srv/kerberos/rsync_secrets_file]", "parameters": "--- File[/srv/kerberos/rsync_secrets_file].orig\n+++ File[/srv/kerberos/rsync_secrets_file]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n"}, {"resource": "Service[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Service[wmf_auto_restart_krb5-kpropd.timer]\n\n+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Systemd::Unit[replicate-krb-database.timer]", "parameters": "--- Systemd::Unit[replicate-krb-database.timer].orig\n+++ Systemd::Unit[replicate-krb-database.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Ferm::Service[kerberos_kpropd_tcp]", "parameters": "--- Ferm::Service[kerberos_kpropd_tcp].orig\n+++ Ferm::Service[kerberos_kpropd_tcp]\n\n-    srange              => ['krb1002.eqiad.wmnet']\n-    port                => 754\n-    proto               => tcp\n-    ensure              => present\n-    prio                => 10\n-    desc                => \n-    unrestricted_access => False\n-    notrack             => False\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_rsync]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[replicate-krb-database.service]", "parameters": "--- Systemd::Unit[replicate-krb-database.service].orig\n+++ Systemd::Unit[replicate-krb-database.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Monitoring::Exported_nagios_service[krb2002 check_replicate-krb-database_status]", "parameters": "--- Monitoring::Exported_nagios_service[krb2002 check_replicate-krb-database_status].orig\n+++ Monitoring::Exported_nagios_service[krb2002 check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Profile::Kerberos::Kadminserver]", "parameters": "--- Class[Profile::Kerberos::Kadminserver].orig\n+++ Class[Profile::Kerberos::Kadminserver]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]\n\n+    before => ['Service[wmf_auto_restart_rsync.timer]']\n"}, {"resource": "Systemd::Timer::Job[replicate-krb-database]", "parameters": "--- Systemd::Timer::Job[replicate-krb-database].orig\n+++ Systemd::Timer::Job[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Firewall::Service[kerberos_kpropd_tcp]", "parameters": "--- Firewall::Service[kerberos_kpropd_tcp].orig\n+++ Firewall::Service[kerberos_kpropd_tcp]\n\n-    srange              => ['krb1002.eqiad.wmnet']\n-    port                => 754\n-    proto               => tcp\n-    ensure              => present\n-    prio                => 10\n-    desc                => \n-    unrestricted_access => False\n-    notrack             => False\n"}, {"resource": "Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]", "parameters": "--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig\n+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]\n\n+    before => ['Service[replicate-krb-database.timer]']\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-admin-server.service].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]\n\n+    unit              => wmf_auto_restart_krb5-admin-server.service\n+    restart           => False\n+    ensure            => present\n+    override          => False\n+    require           => ['Class[Systemd]']\n+    override_filename => puppet-override.conf\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.service].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.timer]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.timer].orig\n+++ File[/lib/systemd/system/replicate-krb-database.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-admin-server]", "parameters": "--- File_line[auto_restart_file_presence_krb5-admin-server].orig\n+++ File_line[auto_restart_file_presence_krb5-admin-server]\n\n+    path    => /etc/debdeploy-client/autorestarts.conf\n+    require => File[/etc/debdeploy-client/autorestarts.conf]\n+    line    => krb5-admin-server\n+    ensure  => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Profile::Auto_restarts::Service[krb5-kpropd]", "parameters": "--- Profile::Auto_restarts::Service[krb5-kpropd].orig\n+++ Profile::Auto_restarts::Service[krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[replicate-krb-database.timer]", "parameters": "--- Service[replicate-krb-database.timer].orig\n+++ Service[replicate-krb-database.timer]\n\n-    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_krb5-admin-server].orig\n+++ Logrotate::Conf[wmf_auto_restart_krb5-admin-server]\n\n+    ensure => present\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File_line[auto_restart_file_presence_rsync]", "parameters": "--- File_line[auto_restart_file_presence_rsync].orig\n+++ File_line[auto_restart_file_presence_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]", "content": "--- /etc/nftables/input/10_kerberos_kpropd_tcp.nft.orig\n+++ /etc/nftables/input/10_kerberos_kpropd_tcp.nft\n@@ -1,4 +0,0 @@\n-# Managed by puppet\n-# \n-ip saddr { 10.64.32.69 } tcp dport { 754 } accept\n-ip6 saddr { 2620:0:861:103:10:64:32:69 } tcp dport { 754 } accept", "parameters": "--- File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft].orig\n+++ File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]\n\n-    tag    => nft\n-    owner  => root\n-    ensure => present\n-    notify => ['Service[nftables]']\n-    mode   => 0444\n-    group  => root\n"}, {"resource": "Class[Profile::Kerberos::Kdc]", "parameters": "--- Class[Profile::Kerberos::Kdc].orig\n+++ Class[Profile::Kerberos::Kdc]\n\n@@\n-    krb_kdc_servers => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers => ['krb2002.codfw.wmnet']\n"}, {"resource": "Exec[debconf-set-selections set string krb5-config/kerberos_servers]", "parameters": "--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig\n+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]\n\n@@\n-    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb1002.eqiad.wmnet krb2002.codfw.wmnet\"\n+    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb2002.codfw.wmnet\"\n@@\n-    command => echo set krb5-config/kerberos_servers string \"krb1002.eqiad.wmnet krb2002.codfw.wmnet\" | debconf-set-selections\n+    command => echo set krb5-config/kerberos_servers string \"krb2002.codfw.wmnet\" | debconf-set-selections\n"}, {"resource": "Nftables::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Nftables::Service[rsyncd_access_srv-keytabs].orig\n+++ Nftables::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "content": "--- /lib/systemd/system/wmf_auto_restart_krb5-admin-server.service.orig\n+++ /lib/systemd/system/wmf_auto_restart_krb5-admin-server.service\n@@ -0,0 +1,8 @@\n+[Unit]\n+Description=Auto restart job: krb5-admin-server\n+Documentation=https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+\n+[Service]\n+Type=oneshot\n+User=root\n+ExecStart=/usr/local/sbin/wmf-auto-restart -s krb5-admin-server", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]\n\n+    notify => Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]\n+    ensure => present\n+    owner  => root\n+    mode   => 0444\n+    group  => root\n"}, {"resource": "Monitoring::Service[check_replicate-krb-database_status]", "parameters": "--- Monitoring::Service[check_replicate-krb-database_status].orig\n+++ Monitoring::Service[check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Profile::Auto_restarts::Service[krb5-admin-server]", "parameters": "--- Profile::Auto_restarts::Service[krb5-admin-server].orig\n+++ Profile::Auto_restarts::Service[krb5-admin-server]\n\n+    ensure => present\n"}, {"resource": "Firewall::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Firewall::Service[rsyncd_access_srv-keytabs].orig\n+++ Firewall::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Rsync::Server::Module[srv-keytabs]", "parameters": "--- Rsync::Server::Module[srv-keytabs].orig\n+++ Rsync::Server::Module[srv-keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[replicate-krb-database]", "parameters": "--- Systemd::Service[replicate-krb-database].orig\n+++ Systemd::Service[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]\n\n+    command     => /bin/systemctl daemon-reload\n+    refreshonly => True\n+    before      => ['Service[wmf_auto_restart_krb5-admin-server.timer]']\n"}, {"resource": "Service[krb5-admin-server]", "parameters": "--- Service[krb5-admin-server].orig\n+++ Service[krb5-admin-server]\n\n+    require => Package[krb5-admin-server]\n+    ensure  => running\n"}, {"resource": "Motd::Script[inactive_warning]", "parameters": "--- Motd::Script[inactive_warning].orig\n+++ Motd::Script[inactive_warning]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Syslog[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Syslog[wmf_auto_restart_krb5-admin-server]\n\n+    programname_comparison => startswith\n+    ensure                 => present\n+    base_dir               => /var/log\n+    readable_by            => all\n+    force_stop             => True\n+    log_filename           => syslog.log\n+    owner                  => root\n+    group                  => root\n"}, {"resource": "Debconf::Set[krb5-config/kerberos_servers]", "parameters": "--- Debconf::Set[krb5-config/kerberos_servers].orig\n+++ Debconf::Set[krb5-config/kerberos_servers]\n\n@@\n-    value => krb1002.eqiad.wmnet krb2002.codfw.wmnet\n+    value => krb2002.codfw.wmnet\n"}, {"resource": "Service[wmf_auto_restart_krb5-admin-server.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-admin-server.timer].orig\n+++ Service[wmf_auto_restart_krb5-admin-server.timer]\n\n+    enable   => True\n+    provider => systemd\n+    ensure   => running\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "content": "--- /etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf.orig\n+++ /etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf\n@@ -0,0 +1,10 @@\n+# rsyslog.conf(5) configuration file for services.\n+# This file is managed by Puppet.\n+if $programname startswith \"wmf_auto_restart_krb5-admin-server\" then {\n+    action(\n+        type=\"omfile\" file=\"/var/log/wmf_auto_restart_krb5-admin-server/syslog.log\"\n+        fileOwner=\"root\" fileGroup=\"root\"\n+        fileCreateMode=\"0644\"\n+    )\n+    & stop\n+}", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]\n\n+    notify => Service[rsyslog]\n+    ensure => present\n+    owner  => root\n+    mode   => 0444\n+    group  => root\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_rsync]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_rsync].orig\n+++ Rsyslog::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]", "parameters": "--- Concat::Fragment[/etc/rsyncd.conf-srv-keytabs].orig\n+++ Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]\n\n+    target => /etc/rsyncd.conf\n+    order  => 10\n"}, {"resource": "Nrpe::Monitor_service[check_replicate-krb-database_status]", "parameters": "--- Nrpe::Monitor_service[check_replicate-krb-database_status].orig\n+++ Nrpe::Monitor_service[check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[krb5-kpropd]", "parameters": "--- Service[krb5-kpropd].orig\n+++ Service[krb5-kpropd]\n\n-    require => Package[krb5-kpropd]\n@@\n-    ensure  => running\n+    ensure  => stopped\n"}, {"resource": "Package[krb5-kpropd]", "parameters": "--- Package[krb5-kpropd].orig\n+++ Package[krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]\n\n+    unit              => wmf_auto_restart_krb5-admin-server.timer\n+    restart           => False\n+    ensure            => present\n+    override          => False\n+    require           => ['Class[Systemd]']\n+    override_filename => puppet-override.conf\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_rsync].orig\n+++ Systemd::Syslog[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[wmf_auto_restart_rsync.timer]", "parameters": "--- Service[wmf_auto_restart_rsync.timer].orig\n+++ Service[wmf_auto_restart_rsync.timer]\n\n-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Class[Profile::Kerberos::Replication]", "parameters": "--- Class[Profile::Kerberos::Replication].orig\n+++ Class[Profile::Kerberos::Replication]\n\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "content": "--- /etc/logrotate.d/wmf_auto_restart_krb5-admin-server.orig\n+++ /etc/logrotate.d/wmf_auto_restart_krb5-admin-server\n@@ -0,0 +1,12 @@\n+# logrotate(8) config for wmf_auto_restart_krb5-admin-server\n+\n+/var/log/wmf_auto_restart_krb5-admin-server/*.log {\n+    daily\n+    copytruncate\n+    missingok\n+    compress\n+    delaycompress\n+    notifempty\n+    rotate 15\n+    size 256M\n+}", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]\n\n+    group  => root\n+    mode   => 0444\n+    owner  => root\n+    ensure => present\n"}, {"resource": "File[/usr/local/sbin/replicate_krb_database]", "content": "--- /usr/local/sbin/replicate_krb_database.orig\n+++ /usr/local/sbin/replicate_krb_database\n@@ -8,5 +8,4 @@\n \n KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)\n /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE\n-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet\n rm -f $KRB_DATABASE_FILE", "parameters": "--- File[/usr/local/sbin/replicate_krb_database].orig\n+++ File[/usr/local/sbin/replicate_krb_database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]\n\n+    monitoring_notes_url      => https://wikitech.wikimedia.org/wiki/Monitoring/systemd_unit_state\n+    monitoring_contact_groups => admins\n+    send_mail                 => False\n+    send_mail_only_on_error   => True\n+    require                   => File[/usr/local/sbin/wmf-auto-restart]\n+    command                   => /usr/local/sbin/wmf-auto-restart -s krb5-admin-server\n+    environment               => {}\n+    monitoring_enabled        => False\n+    user                      => root\n+    success_exit_status       => []\n+    ignore_errors             => False\n+    fixed_random_delay        => False\n+    syslog_force_stop         => True\n+    logfile_perms             => all\n+    send_mail_to              => root@krb2002.codfw.wmnet\n+    ensure                    => present\n+    private_tmp               => False\n+    logfile_basedir           => /var/log\n+    syslog_match_startswith   => True\n+    description               => Auto restart job: krb5-admin-server\n+    interval                  => {'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 13:17:00'}\n+    logfile_name              => syslog.log\n+    logging_enabled           => True\n+    logfile_group             => root\n"}, {"resource": "Systemd::Monitor[replicate-krb-database]", "parameters": "--- Systemd::Monitor[replicate-krb-database].orig\n+++ Systemd::Monitor[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/update-motd.d/01-inactive-warning]", "content": "--- /etc/update-motd.d/01-inactive-warning.orig\n+++ /etc/update-motd.d/01-inactive-warning\n@@ -18,6 +18,6 @@\n \n command since credentials are kept in sync via kprod replication.\n \n-The current active kadmin host is krb1002.eqiad.wmnet\n+The current active kadmin host is krb2002.codfw.wmnet\n \n MOTD", "parameters": "--- File[/etc/update-motd.d/01-inactive-warning].orig\n+++ File[/etc/update-motd.d/01-inactive-warning]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Ferm::Service[rsyncd_access_srv_keytabs]", "parameters": "--- Ferm::Service[rsyncd_access_srv_keytabs].orig\n+++ Ferm::Service[rsyncd_access_srv_keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Nftables::Service[kerberos_kpropd_tcp]", "parameters": "--- Nftables::Service[kerberos_kpropd_tcp].orig\n+++ Nftables::Service[kerberos_kpropd_tcp]\n\n-    port                => 754\n-    proto               => tcp\n-    ensure              => present\n-    prio                => 10\n-    src_ips             => ['10.64.32.69', '2620:0:861:103:10:64:32:69']\n-    desc                => \n-    unrestricted_access => False\n-    notrack             => False\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Timer[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Timer[wmf_auto_restart_krb5-admin-server]\n\n+    accuracy           => 15sec\n+    timer_intervals    => [{'start': 'OnCalendar', 'interval': 'Mon,Tue,Wed,Thu,Fri *-*-* 13:17:00'}]\n+    splay              => 0\n+    fixed_random_delay => False\n+    ensure             => present\n+    unit_name          => wmf_auto_restart_krb5-admin-server.service\n"}, {"resource": "File[/etc/krb5.conf]", "content": "--- /etc/krb5.conf.orig\n+++ /etc/krb5.conf\n@@ -12,9 +12,8 @@\n \n [realms]\n         WIKIMEDIA = {\n-                kdc = krb1002.eqiad.wmnet\n                 kdc = krb2002.codfw.wmnet\n-                admin_server = krb1002.eqiad.wmnet\n+                admin_server = krb2002.codfw.wmnet\n         }\n \n [domain_realm]"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-kpropd]", "parameters": "--- File_line[auto_restart_file_presence_krb5-kpropd].orig\n+++ File_line[auto_restart_file_presence_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "content": "--- /lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer.orig\n+++ /lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer\n@@ -0,0 +1,12 @@\n+[Unit]\n+Description=Periodic execution of wmf_auto_restart_krb5-admin-server.service\n+\n+[Timer]\n+Unit=wmf_auto_restart_krb5-admin-server.service\n+# Accuracy sets the maximum time interval around the execution time we want to allow\n+AccuracySec=15sec\n+OnCalendar=Mon,Tue,Wed,Thu,Fri *-*-* 13:17:00\n+RandomizedDelaySec=0\n+\n+[Install]\n+WantedBy=multi-user.target", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]\n\n+    notify => Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]\n+    ensure => present\n+    owner  => root\n+    mode   => 0444\n+    group  => root\n"}, {"resource": "Nrpe::Check[check_check_replicate-krb-database_status]", "parameters": "--- Nrpe::Check[check_check_replicate-krb-database_status].orig\n+++ Nrpe::Check[check_check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/krb5kdc/kpropd.acl]", "content": "--- /etc/krb5kdc/kpropd.acl.orig\n+++ /etc/krb5kdc/kpropd.acl\n@@ -1,2 +0,0 @@\n-host/krb1002.eqiad.wmnet@WIKIMEDIA\n-host/krb2002.codfw.wmnet@WIKIMEDIA", "parameters": "--- File[/etc/krb5kdc/kpropd.acl].orig\n+++ File[/etc/krb5kdc/kpropd.acl]\n\n-    mode   => 0444\n-    before => Package[krb5-kpropd]\n+    ensure => absent\n"}, {"resource": "Class[Profile::Kerberos::Client]", "parameters": "--- Class[Profile::Kerberos::Client].orig\n+++ Class[Profile::Kerberos::Client]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.service]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.service].orig\n+++ File[/lib/systemd/system/replicate-krb-database.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/var/log/wmf_auto_restart_rsync]", "parameters": "--- File[/var/log/wmf_auto_restart_rsync].orig\n+++ File[/var/log/wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => directory\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Logrotate::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Service[wmf_auto_restart_rsync].orig\n+++ Systemd::Service[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Systemd::Service[wmf_auto_restart_krb5-admin-server].orig\n+++ Systemd::Service[wmf_auto_restart_krb5-admin-server]\n\n+    restart                  => False\n+    ensure                   => present\n+    unit_type                => timer\n+    require                  => Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]\n+    monitoring_enabled       => False\n+    service_params           => {}\n+    monitoring_contact_group => admins\n+    migration_task           => T407130\n+    override                 => False\n+    monitoring_critical      => False\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_krb5-admin-server].orig\n+++ Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]\n\n+    mode     => 0444\n+    priority => 40\n+    require  => File[/var/log/wmf_auto_restart_krb5-admin-server]\n+    ensure   => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]\n\n+    refreshonly => True\n+    command     => /bin/systemctl daemon-reload\n"}, {"resource": "Systemd::Timer[replicate-krb-database]", "parameters": "--- Systemd::Timer[replicate-krb-database].orig\n+++ Systemd::Timer[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]\n\n-    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_rsync]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_rsync].orig\n+++ Logrotate::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.service].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Service[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Service[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-admin-server]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-admin-server].orig\n+++ File[/var/log/wmf_auto_restart_krb5-admin-server]\n\n+    backup => False\n+    owner  => root\n+    ensure => directory\n+    force  => True\n+    mode   => 0755\n+    group  => root\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}], "perc_changed": "3.77%"}, "core": {"total": 3184, "only_in_self": ["File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]"], "only_in_other": ["Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "File[/var/log/wmf_auto_restart_krb5-admin-server]", "File_line[auto_restart_file_presence_krb5-admin-server]", "Service[krb5-admin-server]", "Service[wmf_auto_restart_krb5-admin-server.timer]"], "resource_diffs": [{"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Service[krb5-kpropd]", "parameters": "--- Service[krb5-kpropd].orig\n+++ Service[krb5-kpropd]\n\n-    require => Package[krb5-kpropd]\n@@\n-    ensure  => running\n+    ensure  => stopped\n"}, {"resource": "Package[krb5-kpropd]", "parameters": "--- Package[krb5-kpropd].orig\n+++ Package[krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/var/log/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "File[/srv/kerberos/rsync_secrets_file]", "parameters": "--- File[/srv/kerberos/rsync_secrets_file].orig\n+++ File[/srv/kerberos/rsync_secrets_file]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Service[wmf_auto_restart_krb5-kpropd.timer]\n\n+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Service[wmf_auto_restart_rsync.timer]", "parameters": "--- Service[wmf_auto_restart_rsync.timer].orig\n+++ Service[wmf_auto_restart_rsync.timer]\n\n-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_rsync]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/usr/local/sbin/replicate_krb_database]", "content": "--- /usr/local/sbin/replicate_krb_database.orig\n+++ /usr/local/sbin/replicate_krb_database\n@@ -8,5 +8,4 @@\n \n KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)\n /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE\n-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet\n rm -f $KRB_DATABASE_FILE", "parameters": "--- File[/usr/local/sbin/replicate_krb_database].orig\n+++ File[/usr/local/sbin/replicate_krb_database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/update-motd.d/01-inactive-warning]", "content": "--- /etc/update-motd.d/01-inactive-warning.orig\n+++ /etc/update-motd.d/01-inactive-warning\n@@ -18,6 +18,6 @@\n \n command since credentials are kept in sync via kprod replication.\n \n-The current active kadmin host is krb1002.eqiad.wmnet\n+The current active kadmin host is krb2002.codfw.wmnet\n \n MOTD", "parameters": "--- File[/etc/update-motd.d/01-inactive-warning].orig\n+++ File[/etc/update-motd.d/01-inactive-warning]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]\n\n+    before => ['Service[wmf_auto_restart_rsync.timer]']\n"}, {"resource": "Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]", "parameters": "--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig\n+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]\n\n+    before => ['Service[replicate-krb-database.timer]']\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/krb5.conf]", "content": "--- /etc/krb5.conf.orig\n+++ /etc/krb5.conf\n@@ -12,9 +12,8 @@\n \n [realms]\n         WIKIMEDIA = {\n-                kdc = krb1002.eqiad.wmnet\n                 kdc = krb2002.codfw.wmnet\n-                admin_server = krb1002.eqiad.wmnet\n+                admin_server = krb2002.codfw.wmnet\n         }\n \n [domain_realm]"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-kpropd]", "parameters": "--- File_line[auto_restart_file_presence_krb5-kpropd].orig\n+++ File_line[auto_restart_file_presence_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.timer]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.timer].orig\n+++ File[/lib/systemd/system/replicate-krb-database.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/krb5kdc/kpropd.acl]", "content": "--- /etc/krb5kdc/kpropd.acl.orig\n+++ /etc/krb5kdc/kpropd.acl\n@@ -1,2 +0,0 @@\n-host/krb1002.eqiad.wmnet@WIKIMEDIA\n-host/krb2002.codfw.wmnet@WIKIMEDIA", "parameters": "--- File[/etc/krb5kdc/kpropd.acl].orig\n+++ File[/etc/krb5kdc/kpropd.acl]\n\n-    mode   => 0444\n-    before => Package[krb5-kpropd]\n+    ensure => absent\n"}, {"resource": "Service[replicate-krb-database.timer]", "parameters": "--- Service[replicate-krb-database.timer].orig\n+++ Service[replicate-krb-database.timer]\n\n-    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.service]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.service].orig\n+++ File[/lib/systemd/system/replicate-krb-database.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/var/log/wmf_auto_restart_rsync]", "parameters": "--- File[/var/log/wmf_auto_restart_rsync].orig\n+++ File[/var/log/wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => directory\n"}, {"resource": "File_line[auto_restart_file_presence_rsync]", "parameters": "--- File_line[auto_restart_file_presence_rsync].orig\n+++ File_line[auto_restart_file_presence_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[debconf-set-selections set string krb5-config/kerberos_servers]", "parameters": "--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig\n+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]\n\n@@\n-    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb1002.eqiad.wmnet krb2002.codfw.wmnet\"\n+    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb2002.codfw.wmnet\"\n@@\n-    command => echo set krb5-config/kerberos_servers string \"krb1002.eqiad.wmnet krb2002.codfw.wmnet\" | debconf-set-selections\n+    command => echo set krb5-config/kerberos_servers string \"krb2002.codfw.wmnet\" | debconf-set-selections\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]\n\n-    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}], "perc_changed": "1.32%"}, "main": {"total": 3184, "only_in_self": ["Ferm::Service[kerberos_kpropd_tcp]", "File[/etc/nftables/input/10_kerberos_kpropd_tcp.nft]", "Firewall::Service[kerberos_kpropd_tcp]", "Nftables::Service[kerberos_kpropd_tcp]"], "only_in_other": ["Concat::Fragment[/etc/rsyncd.conf-srv-keytabs]", "Concat_fragment[/etc/rsyncd.conf-srv-keytabs]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.service (wmf_auto_restart_krb5-admin-server.service)]", "Exec[systemd daemon-reload for wmf_auto_restart_krb5-admin-server.timer (wmf_auto_restart_krb5-admin-server.timer)]", "File[/etc/logrotate.d/wmf_auto_restart_krb5-admin-server]", "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-admin-server.conf]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.service]", "File[/lib/systemd/system/wmf_auto_restart_krb5-admin-server.timer]", "File[/var/log/wmf_auto_restart_krb5-admin-server]", "File_line[auto_restart_file_presence_krb5-admin-server]", "Logrotate::Conf[wmf_auto_restart_krb5-admin-server]", "Profile::Auto_restarts::Service[krb5-admin-server]", "Rsyslog::Conf[wmf_auto_restart_krb5-admin-server]", "Service[krb5-admin-server]", "Service[wmf_auto_restart_krb5-admin-server.timer]", "Systemd::Service[wmf_auto_restart_krb5-admin-server]", "Systemd::Syslog[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer::Job[wmf_auto_restart_krb5-admin-server]", "Systemd::Timer[wmf_auto_restart_krb5-admin-server]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.service]", "Systemd::Unit[wmf_auto_restart_krb5-admin-server.timer]"], "resource_diffs": [{"resource": "Systemd::Syslog[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Syslog[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Debconf::Set[krb5-config/kerberos_servers]", "parameters": "--- Debconf::Set[krb5-config/kerberos_servers].orig\n+++ Debconf::Set[krb5-config/kerberos_servers]\n\n@@\n-    value => krb1002.eqiad.wmnet krb2002.codfw.wmnet\n+    value => krb2002.codfw.wmnet\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_rsync]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_rsync].orig\n+++ Rsyslog::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Nrpe::Monitor_service[check_replicate-krb-database_status]", "parameters": "--- Nrpe::Monitor_service[check_replicate-krb-database_status].orig\n+++ Nrpe::Monitor_service[check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[krb5-kpropd]", "parameters": "--- Service[krb5-kpropd].orig\n+++ Service[krb5-kpropd]\n\n-    require => Package[krb5-kpropd]\n@@\n-    ensure  => running\n+    ensure  => stopped\n"}, {"resource": "Package[krb5-kpropd]", "parameters": "--- Package[krb5-kpropd].orig\n+++ Package[krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Timer[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Timer[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Timer[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Profile::Auto_restarts::Service[rsync]", "parameters": "--- Profile::Auto_restarts::Service[rsync].orig\n+++ Profile::Auto_restarts::Service[rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/var/log/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/var/log/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/var/log/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => directory\n+    ensure => absent\n"}, {"resource": "File[/srv/kerberos/rsync_secrets_file]", "parameters": "--- File[/srv/kerberos/rsync_secrets_file].orig\n+++ File[/srv/kerberos/rsync_secrets_file]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Profile::Apt]", "parameters": "--- Class[Profile::Apt].orig\n+++ Class[Profile::Apt]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n"}, {"resource": "Systemd::Syslog[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Syslog[wmf_auto_restart_rsync].orig\n+++ Systemd::Syslog[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Service[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Service[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Service[wmf_auto_restart_krb5-kpropd.timer]\n\n+    before => ['Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]']\n@@\n-    enable => True\n+    enable => False\n@@\n-    ensure => running\n+    ensure => stopped\n"}, {"resource": "Service[wmf_auto_restart_rsync.timer]", "parameters": "--- Service[wmf_auto_restart_rsync.timer].orig\n+++ Service[wmf_auto_restart_rsync.timer]\n\n-    before => ['Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Systemd::Unit[replicate-krb-database.timer]", "parameters": "--- Systemd::Unit[replicate-krb-database.timer].orig\n+++ Systemd::Unit[replicate-krb-database.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_rsync]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_rsync].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[replicate-krb-database.service]", "parameters": "--- Systemd::Unit[replicate-krb-database.service].orig\n+++ Systemd::Unit[replicate-krb-database.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Monitoring::Exported_nagios_service[krb2002 check_replicate-krb-database_status]", "parameters": "--- Monitoring::Exported_nagios_service[krb2002 check_replicate-krb-database_status].orig\n+++ Monitoring::Exported_nagios_service[krb2002 check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Profile::Kerberos::Kadminserver]", "parameters": "--- Class[Profile::Kerberos::Kadminserver].orig\n+++ Class[Profile::Kerberos::Kadminserver]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "Class[Profile::Kerberos::Replication]", "parameters": "--- Class[Profile::Kerberos::Replication].orig\n+++ Class[Profile::Kerberos::Replication]\n\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n"}, {"resource": "File[/usr/local/sbin/replicate_krb_database]", "content": "--- /usr/local/sbin/replicate_krb_database.orig\n+++ /usr/local/sbin/replicate_krb_database\n@@ -8,5 +8,4 @@\n \n KRB_DATABASE_FILE=/srv/backup/kdc_database_krepl_$(date +%Y%m%d%H%M%S)\n /usr/sbin/kdb5_util dump $KRB_DATABASE_FILE\n-/usr/sbin/kprop -d -f $KRB_DATABASE_FILE krb2002.codfw.wmnet\n rm -f $KRB_DATABASE_FILE", "parameters": "--- File[/usr/local/sbin/replicate_krb_database].orig\n+++ File[/usr/local/sbin/replicate_krb_database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Monitor[replicate-krb-database]", "parameters": "--- Systemd::Monitor[replicate-krb-database].orig\n+++ Systemd::Monitor[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/update-motd.d/01-inactive-warning]", "content": "--- /etc/update-motd.d/01-inactive-warning.orig\n+++ /etc/update-motd.d/01-inactive-warning\n@@ -18,6 +18,6 @@\n \n command since credentials are kept in sync via kprod replication.\n \n-The current active kadmin host is krb1002.eqiad.wmnet\n+The current active kadmin host is krb2002.codfw.wmnet\n \n MOTD", "parameters": "--- File[/etc/update-motd.d/01-inactive-warning].orig\n+++ File[/etc/update-motd.d/01-inactive-warning]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Ferm::Service[rsyncd_access_srv_keytabs]", "parameters": "--- Ferm::Service[rsyncd_access_srv_keytabs].orig\n+++ Ferm::Service[rsyncd_access_srv_keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Adduser]", "parameters": "--- Class[Adduser].orig\n+++ Class[Adduser]\n\n@@\n-    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]', 'Package[rsync]']\n+    before => ['Package[puppet]', 'Package[facter]', 'Package[augeas-tools]', 'Package[virt-what]', 'Package[puppet-module-puppetlabs-augeas-core]', 'Package[python3-prometheus-client]', 'Package[python3-yaml]', 'Package[ruby-net-ssh]', 'Package[openssl]', 'Package[ssl-cert]', 'Package[ca-certificates]', 'Package[wmf-certificates]', 'Package[ntp]', 'Package[systemd-timesyncd]', 'Package[exim4-config]', 'Package[exim4-daemon-light]', 'Package[logrotate]', 'Package[prometheus-node-exporter]', 'Package[bsdutils]', 'Package[smartmontools]', 'Package[rsyslog]', 'Package[rsyslog-openssl]', 'Package[cadvisor]', 'Package[prometheus-ethtool-exporter]', 'Package[acct]', 'Package[byobu]', 'Package[colordiff]', 'Package[curl]', 'Package[debian-goodies]', 'Package[ethtool]', 'Package[gdb]', 'Package[gdisk]', 'Package[git]', 'Package[htop]', 'Package[httpry]', 'Package[iotop]', 'Package[iperf]', 'Package[jq]', 'Package[libtemplate-perl]', 'Package[lldpd]', 'Package[lshw]', 'Package[molly-guard]', 'Package[moreutils]', 'Package[net-tools]', 'Package[numactl]', 'Package[ncdu]', 'Package[ngrep]', 'Package[pigz]', 'Package[psmisc]', 'Package[pv]', 'Package[python3]', 'Package[screen]', 'Package[strace]', 'Package[sysstat]', 'Package[tcpdump]', 'Package[tmux]', 'Package[tree]', 'Package[vim]', 'Package[vim-addon-manager]', 'Package[vim-scripts]', 'Package[wipe]', 'Package[xfsprogs]', 'Package[zsh]', 'Package[icdiff]', 'Package[linux-perf]', 'Package[bsd-mailx]', 'Package[ack]', 'Package[netcat-openbsd]', 'Package[tshark]', 'Package[fzf]', 'Package[ripgrep]', 'Package[fd-find]', 'Package[kitty-terminfo]', 'Package[mtr-tiny]', 'Package[bat]', 'Package[efibootmgr]', 'Package[bind9-dnsutils]', 'Package[tzdata]', 'Package[python3-wmflib]', 'Package[ruby-sorted-set]', 'Package[btop]', 'Package[dstat]', 'Package[apport]', 'Package[command-not-found]', 'Package[command-not-found-data]', 'Package[ecryptfs-utils]', 'Package[mlocate]', 'Package[os-prober]', 'Package[python3-apport]', 'Package[wpasupplicant]', 'Package[apt-listchanges]', 'Package[isc-dhcp-client]', 'Package[rasdaemon]', 'Package[libicu67]', 'Package[libwsutil12]', 'Package[libwireshark14]', 'Package[libopencsd0]', 'Package[libwiretap11]', 'Package[ruby2.7]', 'Package[python3.9-minimal]', 'Package[python3.9]', 'Package[perl-modules-5.32]', 'Package[libpython3.9]', 'Package[libperl5.32]', 'Package[libpython3.9-minimal]', 'Package[libpython3.9-stdlib]', 'Package[libidn11]', 'Package[libldap-2.4-2]', 'Package[liburing1]', 'Package[libwebp6]', 'Package[libcbor0]', 'Package[libusb-0.1-4]', 'Package[telnet]', 'Package[libruby2.7]', 'Package[libdns-export1110]', 'Package[libisc-export1105]', 'Package[libbpf0]', 'Package[openssh-client]', 'Package[openssh-server]', 'Package[debdeploy-client]', 'Package[python3-dateutil]', 'Package[sudo]', 'Package[golang-cfssl]', 'Package[debmonitor-client]', 'Package[nagios-nrpe-server]', 'Package[monitoring-plugins]', 'Package[monitoring-plugins-basic]', 'Package[monitoring-plugins-standard]', 'Package[liburiparser1]', 'Package[python3-attr]', 'Package[iucode-tool]', 'Package[freeipmi-tools]', 'Package[freeipmi-ipmiseld]', 'Package[rsyslog-kafka]', 'Package[emacs-nox]', 'Package[prometheus-ipmi-exporter]', 'Package[libnet-dns-perl]', 'Package[iptables]', 'Package[ferm]', 'Package[nftables]', 'Package[conntrack]', 'Package[krb5-kdc]', 'Package[bacula-fd]', 'Package[krb5-admin-server]', 'Package[python3-pexpect]', 'Package[rsync]', 'Package[krb5-kpropd]', 'Package[krb5-user]', 'Package[kstart]', 'Package[prometheus-rsyslog-exporter]', 'Package[initramfs-tools]', 'Package[python3-click]', 'Package[python3-box]', 'Package[confd]', 'Package[python3-toml]']\n"}, {"resource": "Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Rsyslog::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Rsyslog::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_rsync.timer (wmf_auto_restart_rsync.timer)]\n\n+    before => ['Service[wmf_auto_restart_rsync.timer]']\n"}, {"resource": "Systemd::Timer::Job[replicate-krb-database]", "parameters": "--- Systemd::Timer::Job[replicate-krb-database].orig\n+++ Systemd::Timer::Job[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]", "parameters": "--- Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)].orig\n+++ Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]\n\n+    before => ['Service[replicate-krb-database.timer]']\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.service]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.service].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/krb5.conf]", "content": "--- /etc/krb5.conf.orig\n+++ /etc/krb5.conf\n@@ -12,9 +12,8 @@\n \n [realms]\n         WIKIMEDIA = {\n-                kdc = krb1002.eqiad.wmnet\n                 kdc = krb2002.codfw.wmnet\n-                admin_server = krb1002.eqiad.wmnet\n+                admin_server = krb2002.codfw.wmnet\n         }\n \n [domain_realm]"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.service].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.service]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]", "parameters": "--- File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg].orig\n+++ File[/etc/nagios/nrpe.d/check_check_replicate-krb-database_status.cfg]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File_line[auto_restart_file_presence_krb5-kpropd]", "parameters": "--- File_line[auto_restart_file_presence_krb5-kpropd].orig\n+++ File_line[auto_restart_file_presence_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.timer]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.timer].orig\n+++ File[/lib/systemd/system/replicate-krb-database.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_rsync.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_rsync.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.timer]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Profile::Auto_restarts::Service[krb5-kpropd]", "parameters": "--- Profile::Auto_restarts::Service[krb5-kpropd].orig\n+++ Profile::Auto_restarts::Service[krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Nrpe::Check[check_check_replicate-krb-database_status]", "parameters": "--- Nrpe::Check[check_check_replicate-krb-database_status].orig\n+++ Nrpe::Check[check_check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/etc/krb5kdc/kpropd.acl]", "content": "--- /etc/krb5kdc/kpropd.acl.orig\n+++ /etc/krb5kdc/kpropd.acl\n@@ -1,2 +0,0 @@\n-host/krb1002.eqiad.wmnet@WIKIMEDIA\n-host/krb2002.codfw.wmnet@WIKIMEDIA", "parameters": "--- File[/etc/krb5kdc/kpropd.acl].orig\n+++ File[/etc/krb5kdc/kpropd.acl]\n\n-    mode   => 0444\n-    before => Package[krb5-kpropd]\n+    ensure => absent\n"}, {"resource": "Service[replicate-krb-database.timer]", "parameters": "--- Service[replicate-krb-database.timer].orig\n+++ Service[replicate-krb-database.timer]\n\n-    before => ['Exec[systemd daemon-reload for replicate-krb-database.timer (replicate-krb-database.timer)]']\n@@\n-    enable => False\n+    enable => True\n@@\n-    ensure => stopped\n+    ensure => running\n"}, {"resource": "Class[Profile::Kerberos::Client]", "parameters": "--- Class[Profile::Kerberos::Client].orig\n+++ Class[Profile::Kerberos::Client]\n\n@@\n-    krb_kadmin_primary => krb1002.eqiad.wmnet\n+    krb_kadmin_primary => krb2002.codfw.wmnet\n@@\n-    krb_kdc_servers    => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers    => ['krb2002.codfw.wmnet']\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-krb5-kpropd.conf]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]", "parameters": "--- File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd].orig\n+++ File[/etc/logrotate.d/wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/replicate-krb-database.service]", "parameters": "--- File[/lib/systemd/system/replicate-krb-database.service].orig\n+++ File[/lib/systemd/system/replicate-krb-database.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File[/var/log/wmf_auto_restart_rsync]", "parameters": "--- File[/var/log/wmf_auto_restart_rsync].orig\n+++ File[/var/log/wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => directory\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_krb5-kpropd].orig\n+++ Logrotate::Conf[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Service[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Service[wmf_auto_restart_rsync].orig\n+++ Systemd::Service[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "File_line[auto_restart_file_presence_rsync]", "parameters": "--- File_line[auto_restart_file_presence_rsync].orig\n+++ File_line[auto_restart_file_presence_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Class[Profile::Kerberos::Kdc]", "parameters": "--- Class[Profile::Kerberos::Kdc].orig\n+++ Class[Profile::Kerberos::Kdc]\n\n@@\n-    krb_kdc_servers => ['krb1002.eqiad.wmnet', 'krb2002.codfw.wmnet']\n+    krb_kdc_servers => ['krb2002.codfw.wmnet']\n"}, {"resource": "Exec[debconf-set-selections set string krb5-config/kerberos_servers]", "parameters": "--- Exec[debconf-set-selections set string krb5-config/kerberos_servers].orig\n+++ Exec[debconf-set-selections set string krb5-config/kerberos_servers]\n\n@@\n-    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb1002.eqiad.wmnet krb2002.codfw.wmnet\"\n+    unless  => test \"$(echo get krb5-config/kerberos_servers | debconf-communicate)\" = \"0 krb2002.codfw.wmnet\"\n@@\n-    command => echo set krb5-config/kerberos_servers string \"krb1002.eqiad.wmnet krb2002.codfw.wmnet\" | debconf-set-selections\n+    command => echo set krb5-config/kerberos_servers string \"krb2002.codfw.wmnet\" | debconf-set-selections\n"}, {"resource": "Nftables::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Nftables::Service[rsyncd_access_srv-keytabs].orig\n+++ Nftables::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer[replicate-krb-database]", "parameters": "--- Systemd::Timer[replicate-krb-database].orig\n+++ Systemd::Timer[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Timer::Job[wmf_auto_restart_rsync]", "parameters": "--- Systemd::Timer::Job[wmf_auto_restart_rsync].orig\n+++ Systemd::Timer::Job[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Monitoring::Service[check_replicate-krb-database_status]", "parameters": "--- Monitoring::Service[check_replicate-krb-database_status].orig\n+++ Monitoring::Service[check_replicate-krb-database_status]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Firewall::Service[rsyncd_access_srv-keytabs]", "parameters": "--- Firewall::Service[rsyncd_access_srv-keytabs].orig\n+++ Firewall::Service[rsyncd_access_srv-keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Rsync::Server::Module[srv-keytabs]", "parameters": "--- Rsync::Server::Module[srv-keytabs].orig\n+++ Rsync::Server::Module[srv-keytabs]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]", "parameters": "--- Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)].orig\n+++ Exec[systemd daemon-reload for wmf_auto_restart_krb5-kpropd.timer (wmf_auto_restart_krb5-kpropd.timer)]\n\n-    before => ['Service[wmf_auto_restart_krb5-kpropd.timer]']\n"}, {"resource": "File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]", "parameters": "--- File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf].orig\n+++ File[/etc/rsyslog.d/40-wmf-auto-restart-rsync.conf]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[replicate-krb-database]", "parameters": "--- Systemd::Service[replicate-krb-database].orig\n+++ Systemd::Service[replicate-krb-database]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Logrotate::Conf[wmf_auto_restart_rsync]", "parameters": "--- Logrotate::Conf[wmf_auto_restart_rsync].orig\n+++ Logrotate::Conf[wmf_auto_restart_rsync]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_rsync.service]", "parameters": "--- Systemd::Unit[wmf_auto_restart_rsync.service].orig\n+++ Systemd::Unit[wmf_auto_restart_rsync.service]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Systemd::Service[wmf_auto_restart_krb5-kpropd]", "parameters": "--- Systemd::Service[wmf_auto_restart_krb5-kpropd].orig\n+++ Systemd::Service[wmf_auto_restart_krb5-kpropd]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]", "parameters": "--- File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft].orig\n+++ File[/etc/nftables/input/10_rsyncd_access_srv-keytabs.nft]\n\n@@\n-    ensure => absent\n+    ensure => present\n"}, {"resource": "Motd::Script[inactive_warning]", "parameters": "--- Motd::Script[inactive_warning].orig\n+++ Motd::Script[inactive_warning]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer].orig\n+++ Systemd::Unit[wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}, {"resource": "File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]", "parameters": "--- File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer].orig\n+++ File[/lib/systemd/system/wmf_auto_restart_krb5-kpropd.timer]\n\n@@\n-    ensure => present\n+    ensure => absent\n"}], "perc_changed": "2.98%"}}}